Penetration Testing Manager

The world of global advisory, audit and tax compliance services for large multi-nationals is rapidly changing and heavily dependent on technology.    

The KPMG Delivery Network (KDN) is a KPMG special purpose member firm offering a way for clients to leverage KPMG top talent and technology platforms through regional teams of specialists, enabling economies of scale and a new way of working that expands beyond local capability

Together with KDN, KPMG member firms can drive the sales and delivery of global solutions at a competitive price and in a repeatable and consistent manner. As a member of KDN, you’ll be a part of the KPMG family working alongside some of our profession’s most skilled practitioners on rewarding programs and initiatives that are changing the way business operates, delivering value to our clients, and driving positive change in the communities we serve.

You’ll be enabling KDN accelerate new ways of working, using cutting-edge technology and working together with our member firms located in nearly 150 countries to help us achieve our ambition to be the most trusted and trustworthy professional services firm. 

And through your work, you’ll build a global network and unlock opportunities that you may not have thought possible with access to great support, vast resources, and an inclusive, supportive environment to help you reach your full potential.

Our KDN Bulgaria Cloud Services Unit is focused on designing, building, securing and managing cloud native & hybrid platforms for the KPMG group of member firms, as well as providing cloud advisory and engineering services to external clients.

Your Responsibilities: 

Exploitation depth (2+ areas):

• Web/API: Manual exploitation beyond scanners; SSRF (incl. IMDS), IDOR/BOLA, OAuth/OIDC/JWT issues, deserialization, template injection, GraphQL authZ, file upload/RCE.

• Internal/AD: Kerberoasting & AS‑REP roast, constrained/unconstrained delegation, RBCD, ADCS abuses (e.g., ESC1/ESC8), NTLM relay/LLMNR, lateral movement and path analysis (within scope).· Infrastructure & Enterprise Assessments (ISSAF‑aligned): Ability to plan and execute structured assessments of enterprise environments using ISSAF (or equivalent PTES/OSSTMM/NIST 800‑115) covering network/perimeter testing, segmentation control validation, host/service hardening review (Windows/Linux), identity/directory platforms at a capability level (e.g., AD/Azure AD/LDAP), remote access (VPN/VDI/SSO/MFA), wireless posture (802.11), and network device configuration review (firewalls/routers/switches). Emphasis on recon -> enumeration -> vuln validation -> exploitation -> post‑exploitation triage -> evidence‑driven reporting, strictly within ROE.

• Cloud (AWS/Azure): IAM privilege escalation, role assumption via SSRF, misconfig exploitation (S3/Blob, policies), Managed Identity abuse, basic Kubernetes/RBAC misconfigs.
  
  

What you bring in:

• Certifications: OSCP (required); OSWE preferred or equivalent demonstrable web‑exploitation depth (portfolio, write‑ups, tooling).
• Engagement leadership: Proven ability to scope ROE, plan tests, lead execution, ensure QA, and deliver readouts; aligns to PTES / NIST 800‑115 and OWASP ASVS/WSTG.
• Tooling & scripting: Burp Suite Pro; Nmap; Impacket/Responder; BloodHound/SharpHound; CrackMapExec; Kerbrute; Python/PowerShell/Bash for PoCs and one‑offs; Git for versioning.
• Reporting & communication: Evidence‑driven, reproducible findings with clear business impact and remediation; confident executive & engineering readouts.
• Governance: Strong data handling, logging, and chain‑of‑custody discipline; operates strictly within ROE and client compliance environments (e.g., ISO 27001, PCI DSS, etc…).
• Nice to have: Pre‑sales/SOW creation, mentoring, and playbook/tooling development.
• Fluent English language skills are a must

What we offer:

• The chance to work in a top talent team
• Attractive remuneration
• Build knowledge in cutting-edge technologies
• Opportunity for continuous training, learning and certification
• Experience in an international and multicultural organization
• Work on challenging projects with clients in various industries around the globe
• Modern office environment
• Additional health insurance
• Life insurance
• 50+ benefits and services to choose from
• Hybrid working policy